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DETAILED ACTION 

1 . In view of the appeal brief filed on 1/29/2007, PROSECUTION IS HEREBY 
REOPENED. See the new grounds of rejection set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41 .20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 



Donald Sparks 
SPE, AU2187 
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2. This Office Action is in response to the filing of the Appeal Brief on 1/29/2007. 
The arguments have been considered but they are persuasive and moot in view of the 
new ground(s) of rejection. Applicant's amendment, filed on 10/3/2005, necessitated 
the new ground(s) of rejection presented in this Office action. Accordingly, this action is 
made FINAL. 

3. Claims 1-33 are presented for examination. 

4. Applicant's request for withdrawal from consideration of independent claim 29, 
Appeal Brief dated 1/26/2007, page 5, last line, has been acknowledged. Cancellation 
of the claim 29 in response to this office action is required. 



Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 1-28, and 30-33 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. Examiner could not find the newly 
introduced limitations in independent claims 1, 16, 30 and 31 "at least one map failure 
indicator and the corresponding identifier from the first set of file security attributes, 
wherein the map failure indicator indicates that said identifier relates to the first file 
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security model" from the specification. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United States 
and was published under Article 21(2) of such treaty in the English language. 

7. Claims 1-33 are rejected under 35 U.S.C. 102(e) as being anticipated by Hitz 
et al., US Patent no. 6,457,130. 

8. In re claim 1 , Hitz et al. shows a method for managing file security attributes [fig 
1; col 4, lines 12-48] by a file server [1 10, fig 1] in a computer file storage system [fig 1], 
the computer file storage system including a file secured using a first file security model 
[fig 1], the method comprising: 

receiving a first request [col 3, line 45; col 5, line 36] from a client [120, fig 1] 
relating to the file [112, fig 1] stored in the computer file storage system, the client 
utilizing a second file security model [NT, 120, fig 1]; 

retrieving a first set of file security attributes, in accordance with the first file 
security model, associated with the file [col 4, lines 12-29], the first set of file security 
attributes including at least an owner identifier [UID, col 4, line 16] and a group identifier 
[GID, col 4, line 17]; and 

generating a second set of file security attributes [col 6, lines 1-10], in 
accordance with the second file security model, from the first set of file security 
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attributes, the second set of file security attributes including a plurality of security 
identifiers (SID) [col 4, lines 46-47] including at least an owner SID [col 4, line 46] 
derived from the owner identifier and a group SID [col 4, line 47] derived from the group 
identifier, wherein at least one of the owner SID and the group SID includes at least one 
map failure indicator ["If there is no such NT user, the file server 110 uses a selected 
parameter for unmapped Unix users." col 6, lines 54-58] and the corresponding 
identifier ["obtain the SIDs", col 6, lines 59-61] from the first set of file security attributes, 
wherein the map failure indicator indicates that said identifier relates to the first file 
security model. 

9. In re claim 2, Hitz et al. shows the at least one map failure indicator includes an 
authority identifier, specific to the first file security model, and an owner/group indicator 
having a first value to indicate that the identifier is the owner identifier from the first set 
of security attributes [col 6, lines 54-58], and a second value to indicate that the 
identifier is the group identifier from the first set of security attributes [col 6, lines 59-61]. 

10. In re claim 3, Hitz et al. shows the at least one map failure indicator includes an 
authority identifier, specific to*the first file security model, having a first value to indicate 
that the identifier is the owner identifier from the first set of file security attributes and a 
second value to indicate that the identifier is the group identifier from the first set of file 
security attributes [col 6, lines 54-58]. 

11. In re claim 4, Hitz et al. shows generating the second set of file security attributes 
[col 6, lines 25-61] from the first set of file security attributes comprises: 
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attempting to map each identifier from the first set of file security attributes to a 
corresponding identifier from the second set of file security attributes [col 6, lines 25-61; 
col 7, lines 53-54]; and 

generating, for each identifier from the first set of file security attributes that 
cannot be mapped to a corresponding identifier from the second set of file security 
attributes, the SID including the at least one map failure indicator and the corresponding 
identifier from the first set of file security attributes [col 6, lines 54-61; col 7, lines 60-64]. 

12. In re claim 5, Hitz et al. shows attempting to map each identifier from the first set 
of file security attributes to a corresponding identifier from the second set of file security 
attributes comprises: 

maintaining a table mapping a first set of names in accordance with the first file 
security model to a second set of names in accordance with the second file security 
model [col 6, lines 25-52]; 

determining a name from the first set of names corresponding to the identifier 
from the first set of file security attributes [col 6, lines 25-52; col 8, lines 7-10]; and 

searching the table for a name from the second set of names corresponding to 
the name from the first set of names [col 6, lines 25-52]. 

13. In re claim 6, Hitz et al. shows determining a name from the first set of names 
corresponding to the identifier from the first set of file security attributes comprises [col 
6, lines 25-52]: 

maintainting a cache mapping [col 6, lines 62-63] identifiers from the first set of 
file security attributes to names in the first set of names; and 
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searching the cache for a name from the first set of names corresponding to the 
identifier from the first set of file security attributes [col 6, lines 62-63]. 

14. In re claim 7, Hitz et al. shows sending the identifier from the first set of file 
security attributes over a communication link to a N IS server [col 7, line 59]; and 
receiving the name from the first set of names over the communication link from the NIS 
server [col 7, line 59]. 

15. In re claim 8, Hitz et al. shows transmitting the second set of file security 
attributes to the client in a response to the first request [col 5, lines 51-55]. 

16. In re claim 9, Hitz et al. shows receiving a second request from the client utilizing 
the second file security model including at least one of said SIDs including at least one 
map failure indicator [col 6, lines 54-58] and the corresponding identifier [col 6, lines 59- 
61] from the first set of file security attributes; 

» 

translating the at least one of said SIDs into a text string [col 6, lines 43-44]; and 

translatting the text string to the client in a response to the second request [col 6, 
lines 43-44]. 

17. In re claim 10, Hitz et al. shows the text string includes a representation of the 
identifier from the SID [col 6, lines 43-44]. 

18. In re claim 1 1 , Hitz et al. shows a first set of file permissions, in accordance with 
the first file security model [col 6, lines 16-48], and wherein generating the second set of 
file security attributes from the first set of file security attributes further comprises: 
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generating a second set of file permissions, in accordance with the second file 
security model, from the first set of file permissions [col 6, lines 16-48]. 

19. In re claim 12, Hitz et al. shows at least one requested change to the security 
attributes of the file [col 8, line 1 1 ], and wherein the method further comprises: 

applying the requested security attribute changes to the second set of file 
security attributes to create a modified set of file security attributes in accordance with 
the second file security model [col 8, lines 35-46]; and 

writing the modified set of file security attributes to the file [col 8, lines 35-46], 
said writing effectively changing the security model of the file from the first file security 
model to the second file security model [col 8, lines 35-46]. 

20. In re claims 13-14, Hitz et al. shows a session having a session owner and 
session group [col 4, lines 63, 46-47]. 

21 . In re claim 1 5, Hitz et al. shows translating the first set of file permissions into a 
second set of file permissions, the second set of file permissions defining owner 
permissions, group permissions, and everybody permissions [col 10, lines 1-17]. 

22. In re claim 16, Hitz et al. shows an apparatus for managing file security attributes 
in a computer file storage system [fig 1], the computer file storage system including a 
file secured using a first file security model, the file associated with a first set of file 
security attributes including an owner identifier and a group identifier [col 4, lines 8-42], 
the apparatus comprising: 

a network interface [120, fig 1] for communicating with clients over a 
communication network [fig 1]; 
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a storage interface [1 10, fig 1] for communicating with a file storage device [1 1 1]; 

and 

file security logic [CIFS, NFS, fig 1] operating between the network interface and 
the storage interface for managing file security attributes, the file security logic including 
logic for generating a second set of file security attributes, in accordance with a second 
file security model [col 6, lines 1-10], from the first set of file security attributes, the 
second set of file security attributes including at least an owner SID derived from the 
owner identifier and a group SID derived from the group identifier [col 4, lines 12-54; col 
6, lines 25-52], wherein at least one of the owner SID and the group SID includes at 
least one map failure indicator [col 6, lines 54-58] and the corresponding identifier [col 6, 
lines 59-61] from the first set of file security attributes, wherein the map failure indicator 
indicates that said identifier relates to the first file security model. 

23. In re claim 29, Hitz et al. shows an apparatus for managing file security attributes 
[fig 1; col 4, lines 12-48] in a computer file storage system [fig 1], the apparatus 
comprising: 

means for translating an owner identifier in accordance with a first file security 
model into an owner SID, compatible with a second file security model [col 6, lines 25- 
30; col 4, lines 12-56]; 

means for translating a group identifier in accordance with a first file security 
model into a group SID, compatible with the second file security model [col 6, lines 25- 
30; col 4, lines 12-56]; and 
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* 

means for translating file access permissions, in accordance with a first file 
security model, into an access control list, compatible with the second file security 
model [col 6, lines 25-30; col 4, lines 12-56]. 

24. Claims 17-28 and 30-33 are rejected under the same rationale as discussed 
above in claims 1-16 and 29. 

Response to Arguments 

Applicant's arguments have been fully considered but they are not persuasive. 
In the remarks, applicants argued in substance that (1) Hitz does not show one 

■ 

map failure indicator and the corresponding identifier from the first set of file security 
attributes, wherein the map failure indicator indicates that said identifier relates to the 
first file security model. 

Examiner respectfully traverses applicants' remarks. 

As to point (1), Hitz shows one map failure indicator ["If there is no such NT user, 
the file server 110 uses a selected parameter for unmapped Unix users, col 6, lines 
54-58] and the corresponding identifier ["obtain the SIDs", col 6, lines 59-61] from the 
first set of file security attributes , wherein the map failure indicator indicates that said 
identifier relates to the first file security model. 
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Conclusion 

This Office Action is in response to the filing of the Appeal Brief on 1/29/2007. 
The arguments have been considered but they are persuasive and moot in view of the 
new ground(s) of rejection. Applicant's amendment, filed on 10/3/2005, necessitated 
the new ground(s) of rejection presented in this Office action. Accordingly, this action is 
made FINAL See MPEP § 706.07(a). Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any response to this action should be mailed to: 

Mail Stop 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

The centralized fax number is 571-273-8300. 

The centralized hand carry paper drop off location is: 
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U.S. Patent and Trademark Office 
Customer Service Window, Mail Stop 
Randolph Building 
401 Dulany Street 
Alexandria, VA 22314 



Any inquiry of a general nature or relating to the status of this application should 
be directed to the central telephone number (571 ) 272-21 00. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harold Kim whose telephone number is 571-272-4148. 
The examiner can normally be reached on Monday-Friday 9AM-5PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Donald Sparks can be reached on 571-272-4201. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 or call 571-272-1000. / /] At A / 



DONALD SIMRKS 
SUPERVISORY PATENT EXAMINER 




